They email you from a phony paypal domain and try to get you to sign in, then they show that the money is there (on the fake paypal) so you will send the iPhone. At that point, they have your paypal login, and your iPhone.

Oh
didn't see that part in the screengrab.
So, after you send them your paypal address, they follow up with the phony email with phishy links?

Its been awhile since I've had to deal with *legit* eBay emails, so almost anything that comes in, I junk. :/
(and those rare exceptions get run over with a fine-toothed comb).